HP » Data Protector : Security Vulnerabilities, CVEs,
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.
Max CVSS
5.5
EPSS Score
0.42%
Published
2018-02-15
Updated
2018-03-07
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.
Max CVSS
7.8
EPSS Score
3.61%
Published
2018-02-15
Updated
2018-03-07
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.
Max CVSS
10.0
EPSS Score
7.18%
Published
2018-02-15
Updated
2018-03-07
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS
9.8
EPSS Score
1.63%
Published
2016-04-21
Updated
2019-07-16
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354.
Max CVSS
10.0
EPSS Score
43.29%
Published
2016-04-21
Updated
2019-07-16
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353.
Max CVSS
10.0
EPSS Score
43.29%
Published
2016-04-21
Updated
2019-07-16
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352.
Max CVSS
10.0
EPSS Score
43.29%
Published
2016-04-21
Updated
2019-07-16
CVE-2016-2004
Public exploit
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.
Max CVSS
9.8
EPSS Score
15.94%
Published
2016-04-21
Updated
2019-07-12
Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design.
Max CVSS
6.4
EPSS Score
96.04%
Published
2014-08-01
Updated
2024-04-11
Unspecified vulnerability in the Media Management Daemon (mmd) in HP Data Protector 6.11 and earlier allows remote attackers to cause a denial of service via unknown vectors.
Max CVSS
7.8
EPSS Score
2.20%
Published
2011-08-01
Updated
2017-08-29
The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh.
Max CVSS
10.0
EPSS Score
3.95%
Published
2011-02-09
Updated
2018-10-09
CVE-2011-0923
Public exploit
The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."
Max CVSS
10.0
EPSS Score
97.23%
Published
2011-02-09
Updated
2016-08-23
CVE-2011-0922
Public exploit
The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname.
Max CVSS
10.0
EPSS Score
96.68%
Published
2011-02-09
Updated
2018-10-09
crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the applet domain, and the java username.
Max CVSS
10.0
EPSS Score
35.65%
Published
2011-02-09
Updated
2016-08-23
14 vulnerabilities found